SlideShare a Scribd company logo

A computational model of computer virus propagation

U
UltraUploader
1 of 4
Download to read offline
1 A Computational Model of Computer Virus Propagation Li-Chiou Chen lichiou@andrew.cmu.edu Department of Engineering and Public Policy Center for the Computational Model of Social and Organizational Analysis Carnegie Mellon University Kathleen M. Carley KathleenCarley@andrew.cmu.edu Department of Social and Decision Sciences Center for the Computational Analysis of Social and Organizational Systems H.J. Heinz III School of Public Policy and Management Carnegie Mellon University Extended Abstract Computer virus infection is the most common computer security problem. This problem has imposed significant amount of financial losses to organizations (CSI, 2000). Even though most organizations have installed anti-virus software in their computers, majority of them still experienced computer virus infection (ICSA, 2000). Most anti-virus software could not detect a new virus unless it is patched with the new virus definition file. Disseminating the new virus information and patches is hence important to raise user awareness. However, little research has focused on evaluating the effectiveness of disseminating new virus information on reducing virus infection. We hence propose a corporate response model to investigate the effectiveness of warning message propagation. In addition, we use the model to study the influence of social network topology on the virus and warning message propagation. A computer virus is a segment of program code that will copy its code into one or more larger “host” programs when it is activated. A worm is a program that can run
2 independently and travel from machine to machine across network connections (Spafford, 1990). We will refer computer viruses to both computers viruses and worms in Spafford’s definition since most viruses today can be propagated in both ways. Epidemic propagation models (Bailey, 1975) have been applied on modeling the propagation of computer viruses (Kephart and White, 1993). Simulation models have been used to discuss the influence of the network topology (Kephart, 1994)(Wang, 2000)(Pastor- Satorras, 2001). However, neither the empirical topology data has been collected nor the characteristics of the topology have been further studied. In addition, the warning message propagation is related to the network topology, which could be a different network from the virus propagation network. A corporate response model is developed to describe computer viruses propagation and the warning messages propagation. The components of the model include the inter- organizational social network topology, the computer network topology, the virus propagation mechanism, and the node state transition diagram. The four components are described as follows: 1) The inter-organizational social network topology and computer network topology are both represented as a graph G = (V, E, W(i,j)) where V is a set of nodes and E is a set of edges. W(i,j) denotes the link between node i and j where i, j ∈ V. W(i,j) = 1 if a link exists between node i and node j and W(i,j) = 0 otherwise. We then apply social network analysis (Wasserman, 1994) measures, such as density and centralization, to characterize the network topology in our virtual experiments. A new measure, isolation, is needed to describe the computer virus propagation topology since the isolation nodes are critical to in the propagation process. Isolation of graph G, || || )( V S GI = , is defined as the number of isolated nodes divided by the total number of nodes in the graph. Isolated nodes refer to the nodes
3 that do no have any links with other nodes in the same graph. S , = { i: ∀j∈V, 0),( 1 =∑= N j jiW }, denotes a set of isolated nodes. 2) The virus propagation mechanisms are categorized as one-to-one, one-to-many, many-to-one, and many-to-many. The category refers to the number of infection source and the number of infection targets at once. 3) The node state transition diagram is used to describe the dynamics of a node over time, such as if a node is infected by a virus or warned by a warning message. The change of states is determined by the propagation of viruses through the social network and the propagation of warning messages through the computer network. We assume that the nodes will receive an automatic warning message if their computers physically connect to a computer that has already had one. Virtual experiments are conducted by varying the type of topology, the number of nodes, density and isolation. Experiment results show that random graph topology generated by the same density and isolation as real world data set could be used on modeling the social network of computer virus propagation. In addition, isolation is not an effective strategy for an organization if warning messages are propagated in the network. Isolating an organization from other nodes in the social network could isolate the node from virus infection but isolate the node from the warning messages as well. This result contradicts with many organizations have assumed. Bailey, N.J.T. 1975. The Mathematical Theory of Infectious Diseases and Its Applications. New York: Oxford University Press. CSI 2000. 'CSI/FBI Computer Crime and Security Survey' Computer Security Issues & Trend. ICSA 2000. 'ICSA Labs 6th Annual Computer Virus Prevalence Survey 2000': ICSA.net. Kephart, J.O. and White, S.R. 1993. 'Measuring and Modeling Computer Virus Prevalence' IEEE Computer Security Symposium on research in Security and Privacy. Oakland, California.
4 Kephart, J.O. 1994. 'How Topology Affects Population Dynamics' in Langton, C.G. (ed.) Artificial Life III. Reading, MA: Addison-Wesley. Pastor-Satorras, R. and Vespignani, A. 2001. 'Epidemic Dynamics and Endemic States in Complex Networks' . Barcelona, Spain: Universitat Politecnica de Catalunya. Spafford, E.H. 1994. 'Computer Viruses as Artificial Life'. Journal of Artificial Life. Wang, C., Knight, J.C. and Elder, M.C. 2000. 'On Computer Viral Infection and the Effect of Immunization' IEEE 16th Annual Computer Security Applications Conference. Wasserman, S. and Faust, K. 1994. Social Network Analysis: Methods and Applications. Cambridge: Cambridge University Press.

Recommended

The comparison of immunization
The comparison of immunizationThe comparison of immunization
The comparison of immunizationIJCNCJournal
 
Complex networks: community detection and virus propagation
Complex networks: community detection and virus propagationComplex networks: community detection and virus propagation
Complex networks: community detection and virus propagationEliezer Silva
 
Detecting root of the rumor in social network using GSSS
Detecting root of the rumor in social network using GSSSDetecting root of the rumor in social network using GSSS
Detecting root of the rumor in social network using GSSSIRJET Journal
 
Scott 校外口試
Scott 校外口試Scott 校外口試
Scott 校外口試jilung hsieh
 
Community detection in complex network
Community detection in complex networkCommunity detection in complex network
Community detection in complex networkI MT
 
An epidemic model of mobile phone virus
An epidemic model of mobile phone virusAn epidemic model of mobile phone virus
An epidemic model of mobile phone virusUltraUploader
 
Turing Talk Slides
Turing Talk SlidesTuring Talk Slides
Turing Talk SlidesAnnu Sharma
 
Penn State Researchers Code Targets Stealthy Computer Worms
Penn State Researchers Code Targets Stealthy Computer WormsPenn State Researchers Code Targets Stealthy Computer Worms
Penn State Researchers Code Targets Stealthy Computer Wormsdgrinnell
 

Recommended

The comparison of immunization
The comparison of immunizationThe comparison of immunization
The comparison of immunizationIJCNCJournal
 
Complex networks: community detection and virus propagation
Complex networks: community detection and virus propagationComplex networks: community detection and virus propagation
Complex networks: community detection and virus propagationEliezer Silva
 
Detecting root of the rumor in social network using GSSS
Detecting root of the rumor in social network using GSSSDetecting root of the rumor in social network using GSSS
Detecting root of the rumor in social network using GSSSIRJET Journal
 
Scott 校外口試
Scott 校外口試Scott 校外口試
Scott 校外口試jilung hsieh
 
Community detection in complex network
Community detection in complex networkCommunity detection in complex network
Community detection in complex networkI MT
 
An epidemic model of mobile phone virus
An epidemic model of mobile phone virusAn epidemic model of mobile phone virus
An epidemic model of mobile phone virusUltraUploader
 
Turing Talk Slides
Turing Talk SlidesTuring Talk Slides
Turing Talk SlidesAnnu Sharma
 
Penn State Researchers Code Targets Stealthy Computer Worms
Penn State Researchers Code Targets Stealthy Computer WormsPenn State Researchers Code Targets Stealthy Computer Worms
Penn State Researchers Code Targets Stealthy Computer Wormsdgrinnell
 
An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagationUltraUploader
 
A proposed taxonomy of software weapons
A proposed taxonomy of software weaponsA proposed taxonomy of software weapons
A proposed taxonomy of software weaponsUltraUploader
 
Acquisition of malicious code using active learning
Acquisition of malicious code using active learningAcquisition of malicious code using active learning
Acquisition of malicious code using active learningUltraUploader
 
A parallel string matching engine for use in high speed network intrusion det...
A parallel string matching engine for use in high speed network intrusion det...A parallel string matching engine for use in high speed network intrusion det...
A parallel string matching engine for use in high speed network intrusion det...UltraUploader
 
A bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureA bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureUltraUploader
 
Analysis of virus algorithms
Analysis of virus algorithmsAnalysis of virus algorithms
Analysis of virus algorithmsUltraUploader
 
An epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupAn epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupUltraUploader
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsUltraUploader
 
Advanced polymorphic techniques
Advanced polymorphic techniquesAdvanced polymorphic techniques
Advanced polymorphic techniquesUltraUploader
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zooUltraUploader
 
A feature selection and evaluation scheme for computer virus detection
A feature selection and evaluation scheme for computer virus detectionA feature selection and evaluation scheme for computer virus detection
A feature selection and evaluation scheme for computer virus detectionUltraUploader
 
A unified prediction of computer virus spread in connected networks
A unified prediction of computer virus spread in connected networksA unified prediction of computer virus spread in connected networks
A unified prediction of computer virus spread in connected networksUltraUploader
 
An architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesAn architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesUltraUploader
 
A mixed abstraction level simulation model of large scale internet worm infes...
A mixed abstraction level simulation model of large scale internet worm infes...A mixed abstraction level simulation model of large scale internet worm infes...
A mixed abstraction level simulation model of large scale internet worm infes...UltraUploader
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...UltraUploader
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virologyUltraUploader
 
A technique for removing an important class of trojan horses from high order ...
A technique for removing an important class of trojan horses from high order ...A technique for removing an important class of trojan horses from high order ...
A technique for removing an important class of trojan horses from high order ...UltraUploader
 
A distributed approach against computer viruses inspired by the immune system
A distributed approach against computer viruses inspired by the immune systemA distributed approach against computer viruses inspired by the immune system
A distributed approach against computer viruses inspired by the immune systemUltraUploader
 
Basic input output system (bios)
Basic input output system (bios)Basic input output system (bios)
Basic input output system (bios)MULTIMEDIA 'n BROADCASTING SMKN 1 PUNGGING MOJOKERTO
 
Bios
BiosBios
BiosAna Bianculli
 
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...IJCNCJournal
 
Secure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailSecure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailIJERA Editor
 

More Related Content

Viewers also liked

An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagationUltraUploader
 
A proposed taxonomy of software weapons
A proposed taxonomy of software weaponsA proposed taxonomy of software weapons
A proposed taxonomy of software weaponsUltraUploader
 
Acquisition of malicious code using active learning
Acquisition of malicious code using active learningAcquisition of malicious code using active learning
Acquisition of malicious code using active learningUltraUploader
 
A parallel string matching engine for use in high speed network intrusion det...
A parallel string matching engine for use in high speed network intrusion det...A parallel string matching engine for use in high speed network intrusion det...
A parallel string matching engine for use in high speed network intrusion det...UltraUploader
 
A bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureA bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureUltraUploader
 
Analysis of virus algorithms
Analysis of virus algorithmsAnalysis of virus algorithms
Analysis of virus algorithmsUltraUploader
 
An epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupAn epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupUltraUploader
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsUltraUploader
 
Advanced polymorphic techniques
Advanced polymorphic techniquesAdvanced polymorphic techniques
Advanced polymorphic techniquesUltraUploader
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zooUltraUploader
 
A feature selection and evaluation scheme for computer virus detection
A feature selection and evaluation scheme for computer virus detectionA feature selection and evaluation scheme for computer virus detection
A feature selection and evaluation scheme for computer virus detectionUltraUploader
 
A unified prediction of computer virus spread in connected networks
A unified prediction of computer virus spread in connected networksA unified prediction of computer virus spread in connected networks
A unified prediction of computer virus spread in connected networksUltraUploader
 
An architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesAn architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesUltraUploader
 
A mixed abstraction level simulation model of large scale internet worm infes...
A mixed abstraction level simulation model of large scale internet worm infes...A mixed abstraction level simulation model of large scale internet worm infes...
A mixed abstraction level simulation model of large scale internet worm infes...UltraUploader
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...UltraUploader
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virologyUltraUploader
 
A technique for removing an important class of trojan horses from high order ...
A technique for removing an important class of trojan horses from high order ...A technique for removing an important class of trojan horses from high order ...
A technique for removing an important class of trojan horses from high order ...UltraUploader
 
A distributed approach against computer viruses inspired by the immune system
A distributed approach against computer viruses inspired by the immune systemA distributed approach against computer viruses inspired by the immune system
A distributed approach against computer viruses inspired by the immune systemUltraUploader
 

Viewers also liked (20)

An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagation
 
A proposed taxonomy of software weapons
A proposed taxonomy of software weaponsA proposed taxonomy of software weapons
A proposed taxonomy of software weapons
 
Acquisition of malicious code using active learning
Acquisition of malicious code using active learningAcquisition of malicious code using active learning
Acquisition of malicious code using active learning
 
A parallel string matching engine for use in high speed network intrusion det...
A parallel string matching engine for use in high speed network intrusion det...A parallel string matching engine for use in high speed network intrusion det...
A parallel string matching engine for use in high speed network intrusion det...
 
A bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureA bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cure
 
Analysis of virus algorithms
Analysis of virus algorithmsAnalysis of virus algorithms
Analysis of virus algorithms
 
An epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanupAn epidemiological model of virus spread and cleanup
An epidemiological model of virus spread and cleanup
 
A study of anti virus' response to unknown threats
A study of anti virus' response to unknown threatsA study of anti virus' response to unknown threats
A study of anti virus' response to unknown threats
 
Advanced polymorphic techniques
Advanced polymorphic techniquesAdvanced polymorphic techniques
Advanced polymorphic techniques
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zoo
 
A feature selection and evaluation scheme for computer virus detection
A feature selection and evaluation scheme for computer virus detectionA feature selection and evaluation scheme for computer virus detection
A feature selection and evaluation scheme for computer virus detection
 
A unified prediction of computer virus spread in connected networks
A unified prediction of computer virus spread in connected networksA unified prediction of computer virus spread in connected networks
A unified prediction of computer virus spread in connected networks
 
An architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesAn architecture for generating semantic aware signatures
An architecture for generating semantic aware signatures
 
A mixed abstraction level simulation model of large scale internet worm infes...
A mixed abstraction level simulation model of large scale internet worm infes...A mixed abstraction level simulation model of large scale internet worm infes...
A mixed abstraction level simulation model of large scale internet worm infes...
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virology
 
A technique for removing an important class of trojan horses from high order ...
A technique for removing an important class of trojan horses from high order ...A technique for removing an important class of trojan horses from high order ...
A technique for removing an important class of trojan horses from high order ...
 
A distributed approach against computer viruses inspired by the immune system
A distributed approach against computer viruses inspired by the immune systemA distributed approach against computer viruses inspired by the immune system
A distributed approach against computer viruses inspired by the immune system
 
Basic input output system (bios)
Basic input output system (bios)Basic input output system (bios)
Basic input output system (bios)
 
Bios
BiosBios
Bios
 

Similar to A computational model of computer virus propagation

A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...IJCNCJournal
 
Secure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailSecure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailIJERA Editor
 
Malware propagation in large scale networks
Malware propagation in large scale networksMalware propagation in large scale networks
Malware propagation in large scale networksPvrtechnologies Nellore
 
Malware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale NetworksMalware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale Networks1crore projects
 
A memory symptom based virus detection approach
A memory symptom based virus detection approachA memory symptom based virus detection approach
A memory symptom based virus detection approachUltraUploader
 
Modeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
Modeling and Threshold Sensitivity Analysis of Computer Virus EpidemicModeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
Modeling and Threshold Sensitivity Analysis of Computer Virus EpidemicIOSR Journals
 
X-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligenceX-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligenceIJECEIAES
 
Probabilistic models for anomaly detection based on usage of network traffic
Probabilistic models for anomaly detection based on usage of network trafficProbabilistic models for anomaly detection based on usage of network traffic
Probabilistic models for anomaly detection based on usage of network trafficAlexander Decker
 
A general stochastic information diffusion model in social networks based on ...
A general stochastic information diffusion model in social networks based on ...A general stochastic information diffusion model in social networks based on ...
A general stochastic information diffusion model in social networks based on ...IJCNCJournal
 
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...Subhajit Sahu
 
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...Subhajit Sahu
 
Biological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksBiological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksUltraUploader
 
Machine Learning of Epidemic Processes in Networks
Machine Learning of Epidemic Processes in NetworksMachine Learning of Epidemic Processes in Networks
Machine Learning of Epidemic Processes in NetworksFrancisco Rodrigues, Ph.D.
 
Computational Epidemiology (Review) : Notes
Computational Epidemiology (Review) : NotesComputational Epidemiology (Review) : Notes
Computational Epidemiology (Review) : NotesSubhajit Sahu
 
Assessment of the main features of the model of dissemination of information ...
Assessment of the main features of the model of dissemination of information ...Assessment of the main features of the model of dissemination of information ...
Assessment of the main features of the model of dissemination of information ...IJECEIAES
 
A cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetA cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetUltraUploader
 
A stochastic model of multivirus dynamics
A stochastic model of multivirus dynamicsA stochastic model of multivirus dynamics
A stochastic model of multivirus dynamicsJPINFOTECH JAYAPRAKASH
 
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...IJCSEA Journal
 

Similar to A computational model of computer virus propagation (20)

A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
A COMPUTER VIRUS PROPAGATION MODEL USING DELAY DIFFERENTIAL EQUATIONS WITH PR...
 
Secure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-MailSecure and Reliable Data Transmission in Generalized E-Mail
Secure and Reliable Data Transmission in Generalized E-Mail
 
Malware propagation in large scale networks
Malware propagation in large scale networksMalware propagation in large scale networks
Malware propagation in large scale networks
 
Malware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale NetworksMalware Propagation in Large-Scale Networks
Malware Propagation in Large-Scale Networks
 
A memory symptom based virus detection approach
A memory symptom based virus detection approachA memory symptom based virus detection approach
A memory symptom based virus detection approach
 
I017134347
I017134347I017134347
I017134347
 
Modeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
Modeling and Threshold Sensitivity Analysis of Computer Virus EpidemicModeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
Modeling and Threshold Sensitivity Analysis of Computer Virus Epidemic
 
X-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligenceX-ware: a proof of concept malware utilizing artificial intelligence
X-ware: a proof of concept malware utilizing artificial intelligence
 
Probabilistic models for anomaly detection based on usage of network traffic
Probabilistic models for anomaly detection based on usage of network trafficProbabilistic models for anomaly detection based on usage of network traffic
Probabilistic models for anomaly detection based on usage of network traffic
 
A general stochastic information diffusion model in social networks based on ...
A general stochastic information diffusion model in social networks based on ...A general stochastic information diffusion model in social networks based on ...
A general stochastic information diffusion model in social networks based on ...
 
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
 
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
Massively Parallel Simulations of Spread of Infectious Diseases over Realisti...
 
Biological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksBiological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networks
 
Machine Learning of Epidemic Processes in Networks
Machine Learning of Epidemic Processes in NetworksMachine Learning of Epidemic Processes in Networks
Machine Learning of Epidemic Processes in Networks
 
Computational Epidemiology (Review) : Notes
Computational Epidemiology (Review) : NotesComputational Epidemiology (Review) : Notes
Computational Epidemiology (Review) : Notes
 
Assessment of the main features of the model of dissemination of information ...
Assessment of the main features of the model of dissemination of information ...Assessment of the main features of the model of dissemination of information ...
Assessment of the main features of the model of dissemination of information ...
 
A cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internetA cooperative immunization system for an untrusting internet
A cooperative immunization system for an untrusting internet
 
A stochastic model of multivirus dynamics
A stochastic model of multivirus dynamicsA stochastic model of multivirus dynamics
A stochastic model of multivirus dynamics
 
35
3535
35
 
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
A CLOUD-BASED PROTOTYPE IMPLEMENTATION OF A DISEASE OUTBREAK NOTIFICATION SYS...
 

More from UltraUploader

01 le 10 regole dell'hacking
01 le 10 regole dell'hacking01 le 10 regole dell'hacking
01 le 10 regole dell'hackingUltraUploader
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)UltraUploader
 
[E book ita] php manual
[E book ita] php manual[E book ita] php manual
[E book ita] php manualUltraUploader
 
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...UltraUploader
 
[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manualeUltraUploader
 
(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)UltraUploader
 
(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)UltraUploader
 
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoriaUltraUploader
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorUltraUploader
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applicationsUltraUploader
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worriesUltraUploader
 
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...UltraUploader
 
Bird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyBird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyUltraUploader
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesUltraUploader
 
Biological versus computer viruses
Biological versus computer virusesBiological versus computer viruses
Biological versus computer virusesUltraUploader
 
Binary obfuscation using signals
Binary obfuscation using signalsBinary obfuscation using signals
Binary obfuscation using signalsUltraUploader
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityUltraUploader
 

More from UltraUploader (20)

1 (1)
1 (1)1 (1)
1 (1)
 
01 intro
01 intro01 intro
01 intro
 
01 le 10 regole dell'hacking
01 le 10 regole dell'hacking01 le 10 regole dell'hacking
01 le 10 regole dell'hacking
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)
 
[E book ita] php manual
[E book ita] php manual[E book ita] php manual
[E book ita] php manual
 
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
 
[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale
 
(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)
 
(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)
 
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitor
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applications
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worries
 
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
 
Blast off!
Blast off!Blast off!
Blast off!
 
Bird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyBird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassembly
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer viruses
 
Biological versus computer viruses
Biological versus computer virusesBiological versus computer viruses
Biological versus computer viruses
 
Binary obfuscation using signals
Binary obfuscation using signalsBinary obfuscation using signals
Binary obfuscation using signals
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus security
 

A computational model of computer virus propagation

  • 1. 1 A Computational Model of Computer Virus Propagation Li-Chiou Chen lichiou@andrew.cmu.edu Department of Engineering and Public Policy Center for the Computational Model of Social and Organizational Analysis Carnegie Mellon University Kathleen M. Carley KathleenCarley@andrew.cmu.edu Department of Social and Decision Sciences Center for the Computational Analysis of Social and Organizational Systems H.J. Heinz III School of Public Policy and Management Carnegie Mellon University Extended Abstract Computer virus infection is the most common computer security problem. This problem has imposed significant amount of financial losses to organizations (CSI, 2000). Even though most organizations have installed anti-virus software in their computers, majority of them still experienced computer virus infection (ICSA, 2000). Most anti-virus software could not detect a new virus unless it is patched with the new virus definition file. Disseminating the new virus information and patches is hence important to raise user awareness. However, little research has focused on evaluating the effectiveness of disseminating new virus information on reducing virus infection. We hence propose a corporate response model to investigate the effectiveness of warning message propagation. In addition, we use the model to study the influence of social network topology on the virus and warning message propagation. A computer virus is a segment of program code that will copy its code into one or more larger “host” programs when it is activated. A worm is a program that can run
  • 2. 2 independently and travel from machine to machine across network connections (Spafford, 1990). We will refer computer viruses to both computers viruses and worms in Spafford’s definition since most viruses today can be propagated in both ways. Epidemic propagation models (Bailey, 1975) have been applied on modeling the propagation of computer viruses (Kephart and White, 1993). Simulation models have been used to discuss the influence of the network topology (Kephart, 1994)(Wang, 2000)(Pastor- Satorras, 2001). However, neither the empirical topology data has been collected nor the characteristics of the topology have been further studied. In addition, the warning message propagation is related to the network topology, which could be a different network from the virus propagation network. A corporate response model is developed to describe computer viruses propagation and the warning messages propagation. The components of the model include the inter- organizational social network topology, the computer network topology, the virus propagation mechanism, and the node state transition diagram. The four components are described as follows: 1) The inter-organizational social network topology and computer network topology are both represented as a graph G = (V, E, W(i,j)) where V is a set of nodes and E is a set of edges. W(i,j) denotes the link between node i and j where i, j ∈ V. W(i,j) = 1 if a link exists between node i and node j and W(i,j) = 0 otherwise. We then apply social network analysis (Wasserman, 1994) measures, such as density and centralization, to characterize the network topology in our virtual experiments. A new measure, isolation, is needed to describe the computer virus propagation topology since the isolation nodes are critical to in the propagation process. Isolation of graph G, || || )( V S GI = , is defined as the number of isolated nodes divided by the total number of nodes in the graph. Isolated nodes refer to the nodes
  • 3. 3 that do no have any links with other nodes in the same graph. S , = { i: ∀j∈V, 0),( 1 =∑= N j jiW }, denotes a set of isolated nodes. 2) The virus propagation mechanisms are categorized as one-to-one, one-to-many, many-to-one, and many-to-many. The category refers to the number of infection source and the number of infection targets at once. 3) The node state transition diagram is used to describe the dynamics of a node over time, such as if a node is infected by a virus or warned by a warning message. The change of states is determined by the propagation of viruses through the social network and the propagation of warning messages through the computer network. We assume that the nodes will receive an automatic warning message if their computers physically connect to a computer that has already had one. Virtual experiments are conducted by varying the type of topology, the number of nodes, density and isolation. Experiment results show that random graph topology generated by the same density and isolation as real world data set could be used on modeling the social network of computer virus propagation. In addition, isolation is not an effective strategy for an organization if warning messages are propagated in the network. Isolating an organization from other nodes in the social network could isolate the node from virus infection but isolate the node from the warning messages as well. This result contradicts with many organizations have assumed. Bailey, N.J.T. 1975. The Mathematical Theory of Infectious Diseases and Its Applications. New York: Oxford University Press. CSI 2000. 'CSI/FBI Computer Crime and Security Survey' Computer Security Issues & Trend. ICSA 2000. 'ICSA Labs 6th Annual Computer Virus Prevalence Survey 2000': ICSA.net. Kephart, J.O. and White, S.R. 1993. 'Measuring and Modeling Computer Virus Prevalence' IEEE Computer Security Symposium on research in Security and Privacy. Oakland, California.
  • 4. 4 Kephart, J.O. 1994. 'How Topology Affects Population Dynamics' in Langton, C.G. (ed.) Artificial Life III. Reading, MA: Addison-Wesley. Pastor-Satorras, R. and Vespignani, A. 2001. 'Epidemic Dynamics and Endemic States in Complex Networks' . Barcelona, Spain: Universitat Politecnica de Catalunya. Spafford, E.H. 1994. 'Computer Viruses as Artificial Life'. Journal of Artificial Life. Wang, C., Knight, J.C. and Elder, M.C. 2000. 'On Computer Viral Infection and the Effect of Immunization' IEEE 16th Annual Computer Security Applications Conference. Wasserman, S. and Faust, K. 1994. Social Network Analysis: Methods and Applications. Cambridge: Cambridge University Press.